• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317

Query regarding DNS records on Internet

Hi All

I had some queries regarding public DNS records I was hoping someone could help me with.

Let's say my domain is kam.com and my ISP is Verizon. Their public DNS servers are DNS1 and DNS2.

Would I be correct in thinking that the authoritative DNS servers for the kam.com domain/zone are DNS1 and DNS2?

But I'm not sure how SOA records fit into this?

Let's say kam.com was a massive company and I had my own public DNS servers on the internet (is this common?) - DNS3 and DNS4.

Again, the authoritative servers for kam.com would be DNS3 and DNS4.

"Authoritative servers" means that when someone queries DNS info for kam.com (e.g. a machine wants to resolve www.kam.com), they are directed to the authoritative servers for that domain? What would happen if these servers were unavailable? Is the information not cached somewhere? In which case, why don't public computers query the cached info first?
0
1 Solution
 
RAHopkinson Commented:
The authoritative DNS server(s) can be any DNS server that is publicly accessible.  It doesn't have to be a DNS server owned by your ISP, and you don't have to be a massive company to manage your own public DNS servers.  The individual(s) authorized to manage the domain specify which DNS servers are considered authoritative.  To be a little more specific, instead of your DNS servers being dnsauth1.sys.gtei.net and dnsauth2.sys.gtei.net (two of Verizon's publicly-available DNS servers), they could be dns1.kam.com and dns2.kam.com.

The SOA record stores information associated with the zone itself:  the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.

"Authoritative" means that that server is the go-to guy for DNS information that you don't have cached.

For example, if you're sitting at a desk in another company and you ask for a DNS record, your machine will first ask the DNS server defined on the workstation.  If it has information on that domain that is not expired, then it will simply return that info to you, and that's that.  If the DNS server does not have that info "cached", then it asks the DNS server that it relies on for DNS queries.  If nonexistent or expired DNS records are found for this domain while going up the chain, then your ISP's DNS server will look up who the authoritative name servers are for kam.com and then retrieve the info directly from them.
0
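
To make the SOA fields and the "who is authoritative" point above concrete, here is an added example (not code from the original thread) that parses a small BIND-style zone file for the hypothetical kam.com zone. The zone text, host names, addresses, serial and timer values are all constructed for illustration; the only real-world convention it follows is the standard zone-file layout, where the apex NS records name the authoritative servers and the SOA carries the serial, refresh, retry, expire and minimum values described in the answer.

```python
"""Added example: parse a minimal BIND-style zone file and pull out the SOA
timers, the authoritative NS set and the effective TTL of every record.
Zone contents below are constructed; nothing here is from the original post."""
from dataclasses import dataclass

# Constructed sample zone for the hypothetical kam.com domain.
ZONE_TEXT = """\
$ORIGIN kam.com.
$TTL 86400                      ; default TTL for records without their own
@       IN SOA dns1.kam.com. hostmaster.kam.com. (
                2024010101      ; serial  - version of the zone data
                7200            ; refresh - secondaries check for updates this often
                900             ; retry   - wait this long after a failed transfer
                1209600         ; expire  - secondaries stop answering after this
                300 )           ; minimum - negative-caching TTL (RFC 2308)
@       IN NS  dns1.kam.com.
@       IN NS  dns2.kam.com.
dns1    IN A   192.0.2.1
dns2    IN A   192.0.2.2
www     IN A   192.0.2.10
mail 300 IN A  192.0.2.20       ; explicit per-record TTL overrides $TTL
@    300 IN MX 10 mail.kam.com.
"""

@dataclass
class SOA:
    mname: str      # primary server that supplied the zone data
    rname: str      # zone administrator's mailbox (first '.' stands for '@')
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

@dataclass
class Record:
    name: str       # fully qualified owner name
    ttl: int        # effective TTL: the record's own, else the $TTL default
    rtype: str
    rdata: str

CLASSES = {"IN", "CH", "HS"}

def _logical_lines(text):
    """Drop ';' comments and join lines that are continued inside ( ... )."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            joined = " ".join(buf).strip()
            buf = []
            if joined:
                yield joined

def parse_zone(text):
    """Return (soa, records).  Supports $ORIGIN, $TTL, optional per-record TTL
    and class in either order; owner names must be explicit on every line."""
    origin = default_ttl = soa = None
    records = []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        name = tokens.pop(0)
        ttl = default_ttl
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = int(tok)
        rtype = tokens.pop(0).upper()
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"
        if rtype == "SOA":
            mname, rname, *timers = tokens
            soa = SOA(mname, rname, *map(int, timers))
        records.append(Record(name, ttl, rtype, " ".join(tokens)))
    return soa, records

def authoritative_servers(records, zone):
    """The apex NS set: the servers the zone owner has declared authoritative."""
    return sorted(r.rdata for r in records if r.name == zone and r.rtype == "NS")

def ttl_of(records, name, rtype):
    """Effective TTL of the first record matching name and type."""
    return next(r.ttl for r in records if r.name == name and r.rtype == rtype)

if __name__ == "__main__":
    soa, records = parse_zone(ZONE_TEXT)
    print(soa)
    print("authoritative:", authoritative_servers(records, "kam.com."))
    for r in records:
        print(f"{r.name:16} {r.ttl:>6} {r.rtype:4} {r.rdata}")
```

Running it shows that www.kam.com. inherits the 86400-second default while the mail A record and the MX carry their own 300-second TTL, which is exactly the per-record flexibility discussed later in the thread. Against a live zone you would check the same things with `dig kam.com SOA` and `dig kam.com NS`; the parser here is only for reasoning about the file offline.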
 
kam_uk (Author) Commented:
Hi

Thanks for the great reply!!!

I've checked the SOA records for some domains on the internet - just out of curiosity, what does the TTL (time-to-live) on a resource record mean, and does this apply to all resource records (A, MX etc)? And what would be the benefit of having it high / low?
0
 
RAHopkinson Commented:
TTL is the value, in seconds, of a record's expiration time, and applies to A records, MX records, etc.  A common TTL value for DNS is 86400 seconds, which is 24 hours. That value would mean that if a DNS record was changed, DNS servers around the world could still be showing the old value from their cache for up to 24 hours after the change.  So prior to making DNS changes, many admins will change the TTL to a smaller value to avoid disruption of services, and then change it back to minimize the load on the authoritative DNS servers.
0
 
kam_uk (Author) Commented:
Thanks...

Re. the TTL, where is this value actually held? I understand the principle but am unsure how this would work in practice?

Let's say I want to change my MX records to point from mail.kam.com to mail2.kam.com. So I understand that setting a smaller TTL would be better since the change would be propagated quicker (because the DNS servers around the world would refresh their cache quicker), but surely if we are waiting for the TTL change to be replicated across the world, we may as well change the actual MX record itself?

Or would this be more when we knew we were going to change the record in the near future and just wanted to prepare for this?

Also, can you set different TTL for different resource records (e.g. one TTL for A record, one for MX etc) or is it for all of them collectively?

Thanks again
0
 
RAHopkinson Commented:
The value is stored with the individual record in the zone file, and its value is passed on and cached with the other cached info for that record.

You would lower the value in preparation for the upcoming change, so that by the time you effected the change, the lower TTL value for the record(s) would have propagated throughout the Internet's DNS servers.  You would then change the TTL back to a reasonable level when you change the info for the record itself.

Again, each record has its own TTL, so you can set it individually, and it can be different for each record.
0
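
The answers above describe three behaviours that are easier to see than to read about: a resolver answers from cache while a record is unexpired and only contacts the authoritative servers otherwise; a cached answer keeps working for the rest of its TTL even if the authoritative servers go down; and lowering the TTL one full old-TTL ahead of a record change shrinks the window in which the world can still see the old value. The following is an added example, not code from the thread or from any real resolver: a toy authoritative server and caching resolver with a simulated clock. Names, addresses, the 86400/300-second TTLs and the MX change from mail.kam.com to mail2.kam.com are taken from the discussion as constructed inputs.

```python
"""Added example: a toy caching resolver driven by a simulated clock, showing
cache hits vs authoritative lookups, behaviour during an authoritative outage,
and why TTL is lowered *before* a record change.  All data is constructed."""
from dataclasses import dataclass

@dataclass
class Answer:
    rdata: str
    ttl: int                     # seconds the answer may be cached

class AuthoritativeServer:
    """Stands in for dns1/dns2.kam.com: live zone data with its TTLs."""
    def __init__(self):
        self.zone = {}
        self.online = True
    def set_record(self, name, rtype, rdata, ttl):
        self.zone[(name, rtype)] = Answer(rdata, ttl)
    def query(self, name, rtype):
        if not self.online:
            raise TimeoutError("authoritative server unreachable")
        return self.zone[(name, rtype)]

class CachingResolver:
    """Stands in for an ISP recursive resolver with a simple positive cache."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}          # (name, rtype) -> (rdata, expires_at)
        self.upstream_queries = 0
    def resolve(self, name, rtype, now):
        key = (name, rtype)
        if key in self.cache:
            rdata, expires_at = self.cache[key]
            if now < expires_at:
                return rdata     # cache hit: authoritative servers not contacted
        ans = self.upstream.query(name, rtype)
        self.upstream_queries += 1
        self.cache[key] = (ans.rdata, now + ans.ttl)   # TTL starts at fetch time
        return ans.rdata

NAME, RTYPE = "kam.com.", "MX"
OLD, NEW = "10 mail.kam.com.", "10 mail2.kam.com."

def staleness_window(lower_ttl_first, old_ttl=86400, new_ttl=300):
    """Seconds after the MX change during which a resolver that cached the
    record just before the change can still hand out the old value."""
    auth = AuthoritativeServer()
    resolver = CachingResolver(auth)
    t = 0
    auth.set_record(NAME, RTYPE, OLD, old_ttl)
    resolver.resolve(NAME, RTYPE, t)               # cached with the long TTL
    if lower_ttl_first:
        auth.set_record(NAME, RTYPE, OLD, new_ttl)  # step 1: same data, short TTL
        t += old_ttl                                # wait out one old TTL
        resolver.resolve(NAME, RTYPE, t)            # re-fetched, now cached 300 s
    change_at = t
    auth.set_record(NAME, RTYPE, NEW, old_ttl)      # step 2: real change, TTL restored
    for s in range(old_ttl + 1):
        if resolver.resolve(NAME, RTYPE, change_at + s) == NEW:
            return s
    return None

def answers_during_outage(ttl=3600):
    """Returns (answer while authoritative is down but cache is fresh,
    answer once the cache has expired); the second is None on failure."""
    auth = AuthoritativeServer()
    resolver = CachingResolver(auth)
    auth.set_record("www.kam.com.", "A", "192.0.2.10", ttl)
    resolver.resolve("www.kam.com.", "A", now=0)
    auth.online = False                             # dns1/dns2 go dark
    fresh = resolver.resolve("www.kam.com.", "A", now=ttl - 1)
    try:
        expired = resolver.resolve("www.kam.com.", "A", now=ttl)
    except TimeoutError:
        expired = None
    return fresh, expired

if __name__ == "__main__":
    print("stale window, change with TTL 86400 :", staleness_window(False), "s")
    print("stale window, TTL lowered to 300 first:", staleness_window(True), "s")
    print("during outage (fresh, expired):", answers_during_outage())
```

Two caveats a practitioner would add. First, the TTL countdown starts when each resolver fetches the record, so the old TTL must fully elapse after you lower it before the new, shorter value is in every cache; that is why the lowering happens well ahead of the change rather than with it. Second, TTL is really a property of the RRset (all records with the same name and type, RFC 2181 section 5.2), so you can give the MX set a different TTL from the A set, but not give two MX records at the same name different TTLs; and some modern resolvers implement serve-stale (RFC 8767) and will keep answering from an expired cache entry while the authoritative servers are unreachable, which this toy does not model.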
 
kam_uk (Author) Commented:
Excellent, thanks very much for the great explanations.
0
